Airbus CyberSecurity Predictions for 2018 - Threats via social media and Wireless networks will dominate next year

Researchers at Airbus’ external Cyber Security business have compiled their top technology predictions for 2018, based on trends identified at its Security Operations Centres in France, UK and Germany during 2017.

Prediction 1: A lack of social media security policies will create serious risks for enterprises

As observed during 2017, social media platforms are regularly being used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities which form the basis of many attacks on the enterprise. Criminals and hackers are known to use these platforms to distribute malware, push rogue antivirus scams and phishing campaigns to lure their victims.

Markus Braendle, Head of the Airbus CyberSecurity business: “Social media provide the medium for connecting people globally, in the rapid exchange of ideas, discussions and debates in our digital world. However, from an attacker’s perspective, social media have become an easy target because of the number of non-cyber security savvy users, and the fact that these platforms are easy and cost effective to use. To protect themselves against social media attacks, organisations need to implement enterprise-wide social media security policies. This includes designing training programs for employees about social media usage, and creating incident response plans that coordinate the activities of the legal, HR, marketing and IT departments in the event of a security breach.”

Prediction 2: Attacks on Wireless networks will escalate

Attacks on Wireless networks will increase as attackers seek to exploit the Key Reinstallation Attack (KRACK) vulnerability, first made public in October 2017.

The vulnerability can allow an attacker to intercept and read Wi-Fi traffic between devices and a WiFi router, and in some cases even modify the traffic to inject malicious data into websites. It could also allow attackers to obtain sensitive information from those devices, such as credit card details, passwords, chat messages and emails.

Braendle continues: “We can expect to see an escalation of attacks over public or open WiFi connections, and in turn, an increased security provision by organisations that offer such services to their customers. Such attacks may be particularly damaging for people using old devices that are no longer supported by vendors, making them an attractive target for cyber criminals. These threats may also trigger an increased use of Virtual Private Networks (VPN) by the most security conscious users.”

Prediction 3: Encryption will continue to represent challenges for law enforcement

Concerns about data privacy, the increasing use of cloud computing, an increase in data breaches and the introduction of General Data Protection Regulation (GDPR) will all contribute to the emergence of End to End Encryption (E2EE) as the most effective way for enterprises wishing to secure their data. But E2EE will also represent some challenges to law enforcement as criminals continue to use this technique for espionage and subversion.

Braendle continues: “When weighing up the cost of any security solution, it’s important to consider the financial impact of suffering a security incident. After General Data Protection Regulation (GDPR) comes into effect, organisations could be fined up to 4% of their global turnover in the event of a data breach – so the cost of any solution must always be viewed in relation to the risks involved.”